Security Today

Comments, thoughts, and pet peeves about the application (or misapplication) of security today.

Wednesday, July 24, 2013

While We're on Burglary Prevention - Window Shopping

Many burglary prevention materials out there contain language about not putting valuables by windows. They speak of electronics, jewelry, money and other items that can be pulled through a window quickly. Let's take a moment and consider another type of valuable that is rarely mentioned.

INFORMATION. Your information is valuable to someone at some point for some purpose. The intruder is looking to make their efforts easier. So what can be seen from your windows?

Can an intruder see a calendar? Does that calendar contain vacation dates, children's appointment schedules, your doctor appointments, or other similar data? What else is left by windows, on tables, and car seats-dashboards-floors?

Take a moment and walk around the house to look into the windows. What do you see? What will a bad guy see?

On a related note, what is in the pictures you and your family are posting on the internet? Are there pictures of that calendar? Valuables?

Monday, July 22, 2013

The Card Trick - Burglar Style

Everyone seems to know one card trick or another. This one can be done with almost anything. The reason cards are often used is their inconspicuous nature and low cost. Consider this, whenever you or one of your neighbors go on vacation does anyone look out for the property? Collect newspapers, mail and clean up anything on the property that you might clean up anyways? This ties back into the concept of "covert channel" communications. The lack of presence at a property could be discerned by the lack of routine activity. Throughout our lives we set patterns and our individual patterns blend with the various groups around us. Someone paying attention to these patterns can easily see a change. A car left parked outside all day and never moved. This might be the second family car and the lack of movement could tip off a bad guy that the family has not been home. A dog that is normally outside in a fenced yard that is conspicuously missing during otherwise fair weather. Any of these could be a tip to the bad guy casing the neighborhood. And by casing, or observing, they could be exposing themselves to undue scrutiny by others in the neighborhood. To avoid this scrutiny the simple card-trick method is used. In addition to avoiding undue scrutiny it also permits the screening of a large number of target residences in one day - without the activity attracting too much attention by itself.

How many times have you come home to find a business card or flyer at your front door? Did you follow up with the business to purchase services? Probably not. Now if a bad guy, or team, were to blanket a neighborhood, or several neighborhoods, with these solicitations it might take a couple of hours. Say half a day tops. The next day, or maybe two days later, they might drive through the same areas and identify those houses that still have these items on the door. Would your neighbor know to check your front door and collect these items as well as mail and trash? In this way the bad guy can identify a number of targets with little effort. No doubt, at least one home owner might catch them at the door depositing the card and make an inquiry. The screening bad guy need only say he/she was just paid to deliver the cards and thereby avoid further inquiry. Or a more elaborate script may be followed whatever works best for them.

That's the card trick. Some sort of debris is left at a residence to identify a lack of attendance to its care. It is fairly easy to defeat this approach through diligence and neighborliness.

Sunday, July 21, 2013

Remote alarm system control

Remotely arming/disarming and alarm system management are popular features no doubt. Are they worth it? What is the best service for remotely managing your alarms?

What exactly do this offer? Remotely managed and controlled alarm systems are a relatively new consumer feature, although it has been around for about a decade. Service providers typically offer web access to your alarm system so you, the user, can make adjustments, set up reports, and sometimes even arm/disarm the system remotely.

This, of course, means your alarm system is accessible via the world wide web - the internet - and anyone with that access (like billions) may also potentially have access as well. Sounds daunting and maybe even discouraging. Is it a risk? Yes. Is it a manageable risk? Yes. Most of these systems offer a feature that allows a message to be sent (email or sms) whenever the account is logged into, so the user can quickly know that someone has attempted or gained access.

So what are the advantages of such a service? The obvious ones are being able to arm the system while you are outside the building. It allows you to disarm the system remotely so a friend can get in, a landlord, the fire department, et al. That's just the beginning. You can add/delete users on the fly or change user codes. Some providers allow sensors to remain actively monitored even when the alarm system is disarmed. Whenever a sensor's status changes the event is logged, and the user can create alerts (emails/sms) to identify whenever this event occurs. So a parent can see when a child arrives home, or opens the liquor cabinet, goes into space where a firearm is maintained, and so on.

It also becomes possible to create a system with no "quiet zone" around the access door. This last point is unique. Instead of providing greater convenience and control it opens possibilities for identifying intrusions. Without the "quiet zone" around the keypad the alarm system activates immediately upon entry. This is true both for the intruder and the legitimate user. The legitimate user should, of course, disarm the system prior to entering. There may not even be a keypad by a door to facilitate system operations. Or a dummy keypad can be placed by a door to allow the less intelligent intruder to "try" to disarm the system - slowing them down for both an apprehension by law enforcement and limiting their ability to collect items to steal. Most importantly, the detection time is shortened.

So, is this feature worth it? I wouldn't want a system without it. Is it possible for an accomplished hacker to bypass this aspect of the system? Yes, no, maybe, what of it. For now this is a more powerful tool for the threat it is designed - the burglar. The super-hacker is not who is likely to target your home, unless you in a position of power, prestige or fame in which case you should hire a professional to guide and assist you with a more integrated all-risk approach. For the rest of us the street criminal that is likely to target our homes can be better managed as you take greater control of your systems.